From b0057564e155afd9bbf8a10a7c7167f1782943ca Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Mon, 16 Jul 2012 14:01:43 +0000
Subject: Bring back the subnet definitions for home net since HOME_NET defines
 what to be looked after. Maybe use any as default snort.conf?

---
 config/snort/snort.inc | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'config/snort')

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index a2787408..eb1b57c5 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -155,12 +155,16 @@ function snort_build_list($snortcfg, $listname = "") {
 		/* calculate interface subnet information */
 		if (function_exists('get_interface_ip')) {
 			$subnet = get_interface_ip($int);
-			if (is_ipaddr($subnet))
-				$home_net .= "{$subnet} ";
+			if (is_ipaddr($subnet)) {
+				$sn = get_interface_subnet($int);
+				$home_net .= "{$subnet}/{$sn} ";
+			}
 			if (function_exists("get_interface_ipv6")) {
 				$subnet = get_interface_ipv6($int);
-				if (is_ipaddrv6($subnet))
-					$home_net .= "{$subnet} ";
+				if (is_ipaddrv6($subnet)) {
+					$sn = get_interface_subnetv6($int);
+					$home_net .= "{$subnet}/{$sn} ";
+				}
 			}
 		} else {
 			$ifcfg = $config['interfaces'][$int];
@@ -215,7 +219,7 @@ function snort_build_list($snortcfg, $listname = "") {
 		if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
 			foreach($config['virtualip']['vip'] as $vip)
 				if ($vip['subnet'] && $vip['mode'] != 'proxyarp')
-					$home_net .= "{$vip['subnet']} ";
+					$home_net .= "{$vip['subnet']}/{$vip['subnet_bits']} ";
 		}
 	}
 
-- 
cgit v1.2.3